13 files changed, 80 insertions, 84 deletions

diff --git a/pkg/tcpip/link/fdbased/endpoint_test.go b/pkg/tcpip/link/fdbased/endpoint_test.go
index a87abc6d6..987a34226 100644
--- a/pkg/tcpip/link/fdbased/endpoint_test.go
+++ b/pkg/tcpip/link/fdbased/endpoint_test.go
@@ -501,7 +501,7 @@ func TestRecvMMsgDispatcherCapLength(t *testing.T) {
 			msgHdrs: make([]rawfile.MMsgHdr, 1),
 		}
 
-		for i, _ := range d.views {
+		for i := range d.views {
 			d.views[i] = make([]buffer.View, len(c.config))
 		}
 		for i := range d.iovecs {
diff --git a/pkg/tcpip/network/ipv6/icmp_test.go b/pkg/tcpip/network/ipv6/icmp_test.go
index 34a6a8446..bbce1ef78 100644
--- a/pkg/tcpip/network/ipv6/icmp_test.go
+++ b/pkg/tcpip/network/ipv6/icmp_test.go
@@ -1535,7 +1535,7 @@ func TestPacketQueing(t *testing.T) {
 			}
 
 			s.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: host1IPv6Addr.AddressWithPrefix.Subnet(),
 					NIC:         nicID,
 				},
diff --git a/pkg/tcpip/network/ipv6/mld_test.go b/pkg/tcpip/network/ipv6/mld_test.go
index e2778b656..f6ffa7133 100644
--- a/pkg/tcpip/network/ipv6/mld_test.go
+++ b/pkg/tcpip/network/ipv6/mld_test.go
@@ -267,7 +267,7 @@ func TestSendQueuedMLDReports(t *testing.T) {
 					globalMulticastAddr: false,
 					linkLocalAddrSNMC:   false,
 				}
-				for _ = range addrs {
+				for range addrs {
 					p, ok := e.Read()
 					if !ok {
 						t.Fatalf("expected MLD report for %s and %s; addrs = %#v", globalMulticastAddr, linkLocalAddrSNMC, addrs)
diff --git a/pkg/tcpip/network/ipv6/ndp_test.go b/pkg/tcpip/network/ipv6/ndp_test.go
index 7ddb19c00..b1a5a5510 100644
--- a/pkg/tcpip/network/ipv6/ndp_test.go
+++ b/pkg/tcpip/network/ipv6/ndp_test.go
@@ -581,7 +581,7 @@ func TestNeighorSolicitationResponse(t *testing.T) {
 					}
 
 					s.SetRouteTable([]tcpip.Route{
-						tcpip.Route{
+						{
 							Destination: header.IPv6EmptySubnet,
 							NIC:         1,
 						},
diff --git a/pkg/tcpip/network/multicast_group_test.go b/pkg/tcpip/network/multicast_group_test.go
index 05d98a0a5..0f4f0e1e1 100644
--- a/pkg/tcpip/network/multicast_group_test.go
+++ b/pkg/tcpip/network/multicast_group_test.go
@@ -1095,7 +1095,7 @@ func TestMGPWithNICLifecycle(t *testing.T) {
 					seen[a] = false
 				}
 
-				for i, _ := range test.multicastAddrs {
+				for i := range test.multicastAddrs {
 					p, ok := e.Read()
 					if !ok {
 						t.Fatalf("expected (%d-th) leave message to be sent", i)
@@ -1122,7 +1122,7 @@ func TestMGPWithNICLifecycle(t *testing.T) {
 					seen[a] = false
 				}
 
-				for i, _ := range test.multicastAddrs {
+				for i := range test.multicastAddrs {
 					p, ok := e.Read()
 					if !ok {
 						t.Fatalf("expected (%d-th) report message to be sent", i)
@@ -1143,7 +1143,7 @@ func TestMGPWithNICLifecycle(t *testing.T) {
 			if got := sentLeaveStat.Value(); got != leaveCounter {
 				t.Errorf("got sentLeaveStat.Value() = %d, want = %d", got, leaveCounter)
 			}
-			for i, _ := range test.multicastAddrs {
+			for i := range test.multicastAddrs {
 				if _, ok := e.Read(); !ok {
 					t.Fatalf("expected (%d-th) leave message to be sent", i)
 				}
diff --git a/pkg/tcpip/stack/conntrack.go b/pkg/tcpip/stack/conntrack.go
index 9a17efcba..5e649cca6 100644
--- a/pkg/tcpip/stack/conntrack.go
+++ b/pkg/tcpip/stack/conntrack.go
@@ -142,19 +142,19 @@ func (cn *conn) timedOut(now time.Time) bool {
 
 // update the connection tracking state.
 //
-// Precondition: ct.mu must be held.
-func (ct *conn) updateLocked(tcpHeader header.TCP, hook Hook) {
+// Precondition: cn.mu must be held.
+func (cn *conn) updateLocked(tcpHeader header.TCP, hook Hook) {
 	// Update the state of tcb. tcb assumes it's always initialized on the
 	// client. However, we only need to know whether the connection is
 	// established or not, so the client/server distinction isn't important.
 	// TODO(gvisor.dev/issue/170): Add support in tcpconntrack to handle
 	// other tcp states.
-	if ct.tcb.IsEmpty() {
-		ct.tcb.Init(tcpHeader)
-	} else if hook == ct.tcbHook {
-		ct.tcb.UpdateStateOutbound(tcpHeader)
+	if cn.tcb.IsEmpty() {
+		cn.tcb.Init(tcpHeader)
+	} else if hook == cn.tcbHook {
+		cn.tcb.UpdateStateOutbound(tcpHeader)
 	} else {
-		ct.tcb.UpdateStateInbound(tcpHeader)
+		cn.tcb.UpdateStateInbound(tcpHeader)
 	}
 }
 
diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go
index 2d8c883cd..09c7811fa 100644
--- a/pkg/tcpip/stack/iptables.go
+++ b/pkg/tcpip/stack/iptables.go
@@ -45,13 +45,13 @@ const reaperDelay = 5 * time.Second
 func DefaultTables() *IPTables {
 	return &IPTables{
 		v4Tables: [NumTables]Table{
-			NATID: Table{
+			NATID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting:  0,
@@ -68,11 +68,11 @@ func DefaultTables() *IPTables {
 					Postrouting: 3,
 				},
 			},
-			MangleID: Table{
+			MangleID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting: 0,
@@ -86,12 +86,12 @@ func DefaultTables() *IPTables {
 					Postrouting: HookUnset,
 				},
 			},
-			FilterID: Table{
+			FilterID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv4ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting:  HookUnset,
@@ -110,13 +110,13 @@ func DefaultTables() *IPTables {
 			},
 		},
 		v6Tables: [NumTables]Table{
-			NATID: Table{
+			NATID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting:  0,
@@ -133,11 +133,11 @@ func DefaultTables() *IPTables {
 					Postrouting: 3,
 				},
 			},
-			MangleID: Table{
+			MangleID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting: 0,
@@ -151,12 +151,12 @@ func DefaultTables() *IPTables {
 					Postrouting: HookUnset,
 				},
 			},
-			FilterID: Table{
+			FilterID: {
 				Rules: []Rule{
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
-					Rule{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &AcceptTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
+					{Target: &ErrorTarget{NetworkProtocol: header.IPv6ProtocolNumber}},
 				},
 				BuiltinChains: [NumHooks]int{
 					Prerouting:  HookUnset,
@@ -175,9 +175,9 @@ func DefaultTables() *IPTables {
 			},
 		},
 		priorities: [NumHooks][]TableID{
-			Prerouting: []TableID{MangleID, NATID},
-			Input:      []TableID{NATID, FilterID},
-			Output:     []TableID{MangleID, NATID, FilterID},
+			Prerouting: {MangleID, NATID},
+			Input:      {NATID, FilterID},
+			Output:     {MangleID, NATID, FilterID},
 		},
 		connections: ConnTrack{
 			seed: generateRandUint32(),
diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go
index 4b86c1be9..56a3e7861 100644
--- a/pkg/tcpip/stack/iptables_types.go
+++ b/pkg/tcpip/stack/iptables_types.go
@@ -56,7 +56,7 @@ const (
 	// Postrouting happens just before a packet goes out on the wire.
 	Postrouting
 
-	// The total number of hooks.
+	// NumHooks is the total number of hooks.
 	NumHooks
 )
 
@@ -273,14 +273,12 @@ func (fl IPHeaderFilter) match(pkt *PacketBuffer, hook Hook, nicName string) boo
 			return true
 		}
 
-		// If the interface name ends with '+', any interface which begins
-		// with the name should be matched.
+		// If the interface name ends with '+', any interface which
+		// begins with the name should be matched.
 		ifName := fl.OutputInterface
-		matches := true
+		matches := nicName == ifName
 		if strings.HasSuffix(ifName, "+") {
 			matches = strings.HasPrefix(nicName, ifName[:n-1])
-		} else {
-			matches = nicName == ifName
 		}
 		return fl.OutputInterfaceInvert != matches
 	}
diff --git a/pkg/tcpip/tests/integration/forward_test.go b/pkg/tcpip/tests/integration/forward_test.go
index 60054d6ef..4c2084d19 100644
--- a/pkg/tcpip/tests/integration/forward_test.go
+++ b/pkg/tcpip/tests/integration/forward_test.go
@@ -285,58 +285,58 @@ func TestForwarding(t *testing.T) {
 			}
 
 			host1Stack.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: host1IPv4Addr.AddressWithPrefix.Subnet(),
 					NIC:         host1NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host1IPv6Addr.AddressWithPrefix.Subnet(),
 					NIC:         host1NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host2IPv4Addr.AddressWithPrefix.Subnet(),
 					Gateway:     routerNIC1IPv4Addr.AddressWithPrefix.Address,
 					NIC:         host1NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host2IPv6Addr.AddressWithPrefix.Subnet(),
 					Gateway:     routerNIC1IPv6Addr.AddressWithPrefix.Address,
 					NIC:         host1NICID,
 				},
 			})
 			routerStack.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: routerNIC1IPv4Addr.AddressWithPrefix.Subnet(),
 					NIC:         routerNICID1,
 				},
-				tcpip.Route{
+				{
 					Destination: routerNIC1IPv6Addr.AddressWithPrefix.Subnet(),
 					NIC:         routerNICID1,
 				},
-				tcpip.Route{
+				{
 					Destination: routerNIC2IPv4Addr.AddressWithPrefix.Subnet(),
 					NIC:         routerNICID2,
 				},
-				tcpip.Route{
+				{
 					Destination: routerNIC2IPv6Addr.AddressWithPrefix.Subnet(),
 					NIC:         routerNICID2,
 				},
 			})
 			host2Stack.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: host2IPv4Addr.AddressWithPrefix.Subnet(),
 					NIC:         host2NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host2IPv6Addr.AddressWithPrefix.Subnet(),
 					NIC:         host2NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host1IPv4Addr.AddressWithPrefix.Subnet(),
 					Gateway:     routerNIC2IPv4Addr.AddressWithPrefix.Address,
 					NIC:         host2NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: host1IPv6Addr.AddressWithPrefix.Subnet(),
 					Gateway:     routerNIC2IPv6Addr.AddressWithPrefix.Address,
 					NIC:         host2NICID,
diff --git a/pkg/tcpip/tests/integration/link_resolution_test.go b/pkg/tcpip/tests/integration/link_resolution_test.go
index 209da3903..b4bffaec1 100644
--- a/pkg/tcpip/tests/integration/link_resolution_test.go
+++ b/pkg/tcpip/tests/integration/link_resolution_test.go
@@ -154,21 +154,21 @@ func TestPing(t *testing.T) {
 			}
 
 			host1Stack.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: ipv4Addr1.AddressWithPrefix.Subnet(),
 					NIC:         host1NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: ipv6Addr1.AddressWithPrefix.Subnet(),
 					NIC:         host1NICID,
 				},
 			})
 			host2Stack.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: ipv4Addr2.AddressWithPrefix.Subnet(),
 					NIC:         host2NICID,
 				},
-				tcpip.Route{
+				{
 					Destination: ipv6Addr2.AddressWithPrefix.Subnet(),
 					NIC:         host2NICID,
 				},
diff --git a/pkg/tcpip/tests/integration/loopback_test.go b/pkg/tcpip/tests/integration/loopback_test.go
index cf9e86c3c..cb6169cfc 100644
--- a/pkg/tcpip/tests/integration/loopback_test.go
+++ b/pkg/tcpip/tests/integration/loopback_test.go
@@ -198,11 +198,11 @@ func TestLoopbackAcceptAllInSubnetUDP(t *testing.T) {
 				t.Fatalf("AddProtocolAddress(%d, %+v): %s", nicID, test.addAddress, err)
 			}
 			s.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: header.IPv4EmptySubnet,
 					NIC:         nicID,
 				},
-				tcpip.Route{
+				{
 					Destination: header.IPv6EmptySubnet,
 					NIC:         nicID,
 				},
@@ -291,7 +291,7 @@ func TestLoopbackSubnetLifetimeBoundToAddr(t *testing.T) {
 		t.Fatalf("s.AddProtocolAddress(%d, %#v): %s", nicID, protoAddr, err)
 	}
 	s.SetRouteTable([]tcpip.Route{
-		tcpip.Route{
+		{
 			Destination: header.IPv4EmptySubnet,
 			NIC:         nicID,
 		},
@@ -429,11 +429,11 @@ func TestLoopbackAcceptAllInSubnetTCP(t *testing.T) {
 				t.Fatalf("AddProtocolAddress(%d, %#v): %s", nicID, test.addAddress, err)
 			}
 			s.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: header.IPv4EmptySubnet,
 					NIC:         nicID,
 				},
-				tcpip.Route{
+				{
 					Destination: header.IPv6EmptySubnet,
 					NIC:         nicID,
 				},
diff --git a/pkg/tcpip/tests/integration/multicast_broadcast_test.go b/pkg/tcpip/tests/integration/multicast_broadcast_test.go
index fae6c256a..b42375695 100644
--- a/pkg/tcpip/tests/integration/multicast_broadcast_test.go
+++ b/pkg/tcpip/tests/integration/multicast_broadcast_test.go
@@ -166,11 +166,11 @@ func TestPingMulticastBroadcast(t *testing.T) {
 			// Default routes for IPv4 and IPv6 so ICMP can find a route to the remote
 			// node when attempting to send the ICMP Echo Reply.
 			s.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					Destination: header.IPv6EmptySubnet,
 					NIC:         nicID,
 				},
-				tcpip.Route{
+				{
 					Destination: header.IPv4EmptySubnet,
 					NIC:         nicID,
 				},
@@ -530,7 +530,7 @@ func TestReuseAddrAndBroadcast(t *testing.T) {
 			}
 
 			s.SetRouteTable([]tcpip.Route{
-				tcpip.Route{
+				{
 					// We use the empty subnet instead of just the loopback subnet so we
 					// also have a route to the IPv4 Broadcast address.
 					Destination: header.IPv4EmptySubnet,
@@ -699,11 +699,11 @@ func TestUDPAddRemoveMembershipSocketOption(t *testing.T) {
 					// routable to the multicast address when the NIC isn't specified.
 					if !subTest.specifyNICID && !subTest.specifyNICAddr {
 						s.SetRouteTable([]tcpip.Route{
-							tcpip.Route{
+							{
 								Destination: header.IPv6EmptySubnet,
 								NIC:         nicID,
 							},
-							tcpip.Route{
+							{
 								Destination: header.IPv4EmptySubnet,
 								NIC:         nicID,
 							},
diff --git a/pkg/tcpip/transport/tcp/tcp_test.go b/pkg/tcpip/transport/tcp/tcp_test.go
index 9fa4672d7..aeceee7e0 100644
--- a/pkg/tcpip/transport/tcp/tcp_test.go
+++ b/pkg/tcpip/transport/tcp/tcp_test.go
@@ -3461,7 +3461,7 @@ func TestRetransmitIPv4IDUniqueness(t *testing.T) {
 					checker.TCPFlagsMatch(header.TCPFlagAck, ^uint8(header.TCPFlagPsh)),
 				),
 			)
-			idSet := map[uint16]struct{}{header.IPv4(pkt).ID(): struct{}{}}
+			idSet := map[uint16]struct{}{header.IPv4(pkt).ID(): {}}
 			// Expect two retransmitted packets, and that all packets received have
 			// unique IPv4 ID values.
 			for i := 0; i <= 2; i++ {
@@ -5698,16 +5698,14 @@ func TestListenBacklogFullSynCookieInUse(t *testing.T) {
 		t.Fatalf("Bind failed: %s", err)
 	}
 
-	// Test acceptance.
 	// Start listening.
 	listenBacklog := 1
-	portOffset := uint16(0)
 	if err := c.EP.Listen(listenBacklog); err != nil {
 		t.Fatalf("Listen failed: %s", err)
 	}
 
-	executeHandshake(t, c, context.TestPort+portOffset, false)
-	portOffset++
+	executeHandshake(t, c, context.TestPort, false)
+
 	// Wait for this to be delivered to the accept queue.
 	time.Sleep(50 * time.Millisecond)